22

Along the lines of How to tell git which private key to use? I would like to use a specific ssh key in a given situation.

My problem is that even when I specify '-i something' ssh uses the keys from my ssh-agent in the order they are added.

My specific situation:

  • I have two github users, each with their own key I would like to - for example via a ssh-config - for each clone specify which key to use:
   Host USER1.git
     Hostname github.com
     User git
     IdentityFile ~/.ssh/USER1.id_rsa

ssh -vt USER1.git will still use USER2.id_rsa if that is the key first added to ssh-agent.

upe
  • 107
  • 4
svrist
  • 755
  • 2
  • 9
  • 10

3 Answers3

9

The point is to use the public key file inside IdentityFile directive.

Host USER1.git
  User git
  HostName github.com
  IdentityFile ~/.ssh/USER1.id_rsa.pub

Host USER2.git
  User git
  HostName github.com
  IdentityFile ~/.ssh/USER2.id_rsa.pub

If we specify the private key inside the SSH config, SSH agent will fail to pick the right key if the private key is encrypted.

A similar question on stackexchange: https://unix.stackexchange.com/a/495785/264704

ttimasdf
  • 445
  • 4
  • 8
8

I finally got it to work:

Host USER1.git
  User git
  HostName github.com
  IdentityFile ~/.ssh/USER1.id_rsa

Host USER2.git
  User git
  HostName github.com
  IdentityFile ~/.ssh/USER2.id_rsa
  • Indentation counts.
  • Do ssh-add -l and make sure both of your keys have been added.
    • Copy/paste each path from ssh-add -l into the appropriate line in ~/.ssh/config to avoid typos. If there is a ~/.ssh/config identityfile path typo for USER1, then the wrong key (USER2's key) will be used instead.

I got the instructions over at BitBucket. They should work for GitHub since the only difference is HostName: http://confluence.atlassian.com/pages/viewpage.action?pageId=271943168#ConfiguringMultipleSSHIdentitiesforGitBashMacOSXLinux-CreateaSSHconfigfile

To get this to work on a remote server using agent forwarding, try @stijn-hoop's suggestion below (in the comments section of this answer).

dgo.a
  • 831
  • 3
  • 12
  • 23
  • 3
    For your last comment re agent forwarding, see this answer: http://superuser.com/questions/273037/using-the-identityfile-directive-in-ssh-config-when-agentforwarding-is-in-use – Stijn Hoop Feb 20 '13 at 14:19
2

Use IdentitiesOnly yes below these hosts, in .ssh/config.

Andrew Schulman
  • 3,076
  • 1
  • 22
  • 20
Cougar
  • 559
  • 2
  • 7
  • 1
    but then it will not use the agent and force me to enter passphrase for all github connections – svrist Nov 18 '11 at 08:01
  • 1
    Yes, this is how it works. You can't choose between different keys when using ssh-agent. One way is to start multiple ssh-agents and switch between them either using different wrappers for different github operations or just switching between ssh-agents (changing SSH_AUTH_SOCK) – Cougar Nov 18 '11 at 17:41
  • 8
    The comment above is incorrect -- you CAN choose identities from your ssh-agent. See also the answer I already mentioned above, http://superuser.com/questions/273037/using-the-identityfile-directive-in-ssh-config-when-agentforwarding-is-in-use – Stijn Hoop Feb 20 '13 at 14:20